Authentication issues from Cullen Jennings on 2006-07-31 (w3c-dist-auth@w3.org from July to September 2006)

From: Cullen Jennings <fluffy@cisco.com>
Date: Mon, 31 Jul 2006 08:09:50 -0700
To: Michael Wechner <michael.wechner@wyona.com>
Cc: Manfred Baedke <manfred.baedke@greenbytes.de>, Julian Reschke <julian.reschke@gmx.de>, w3c-dist-auth@w3.org
Message-Id: <62511BF2-5082-4E24-86D3-F4A33AA5275B@cisco.com>

On Jul 3, 2006, at 7:48 AM, Michael Wechner wrote:

>
> Manfred Baedke wrote:
>> Hi Michael,
>>
>> what's really bad about programmatic clients and form based  
>> authentication is the fact that the form comes with status code  
>> 200, telling the client that everything is fine, and there is  
>> really no realiable way for the client to tell wether the response  
>> body is the intended content or a login form. Form based  
>> authentication, as it is widely used nowadays, is broken by  
>> design. Don't use it.
>
> ok, but what is the alternative? BASIC and DIGEST also have issues ;-)
>

This thread has come up other times and places - I'm sort of curios  
to understand what people view as  the issues of Digest inside TLS?

Received on Monday, 31 July 2006 15:10:05 UTC